CVE-2022-23048

Published: Feb 9, 2022Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.

Affected (1)

Products: Exponentcms: Exponent Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Exponentcms Exponent Cms	Version 2.6.0 patch2

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460

Source: help@fluidattacks.com

ExploitIssue TrackingVendor Advisory

https://fluidattacks.com/advisories/dylan/

Source: help@fluidattacks.com

ExploitIssue TrackingThird Party Advisory

https://github.com/exponentcms/exponent-cms/issues/1546

Source: help@fluidattacks.com

ExploitIssue TrackingThird Party Advisory

https://exponentcms.lighthouseapp.com/projects/61783/tickets/1460

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://fluidattacks.com/advisories/dylan/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/exponentcms/exponent-cms/issues/1546

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.